Re: F23 System Wide Change: Default Local DNS Resolver

>>>>> "RSB" == Ryan S Brown <ryansb@xxxxxxxxxx> writes:

RSB> I disagree; for server & cloud deployments it doesn't make sense to
RSB> duplicate a DNS server on *every* host, and if you care about
RSB> DNSSEC you likely already run a trusted resolver.

I disagree generally in the case of server deployments.

Having a local caching resolver is pretty much essential, even though we
all know it's just a workaround for glibc.

Basically, if you have properly functioning DNS on multiple local
servers but don't have anything fancier like heartbeat-based IP handoff
or a load balancing appliance or something, and the first resolver in
resolv.conf goes offline, your hosts are screwed.  glibc's resolver code
is simply horrible.  This is completely exclusive of DNSSEC issues.

Of course, most folks who have enough infrastructure to have their own
DNS servers and such can easily figure out how to configure a local
resolver if need be, so what's in the default setup really makes no
difference.  And for the home user who might want to grab the server
spin/product/whatever-we're-calling-it-this-week, well, I'd think they'd
want the local resolver.

What really concerns me is what happens with split DNS.  I assume I'll
just need to configure the local resolvers to talk only to my resolvers,
but this would really need to be documented.

 - J<
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct




